Search Tutorials


Spring Boot 3 + Security - Change Default Username and Password (Set Custom Credentials)| JavaInUse

Spring Boot 3 + Security - Change Default Password (Set Custom Credentials)

In previous tutorial we implemented Spring Boot 3 + Security authentication simple example. We saw that on startup spring security enabled the authentication on default. Spring security creates default username and password for us. Also in another previous tutorial, using spring security configuration we disabled default spring security authentication. In this tutorial we will be modifying the spring security configuration to create custom username and password.

Video

This tutorial is explained in the below Youtube Video.

Spring Boot 3 Security

Simple Boot3 + Security in depth understanding
Simple Boot3 + Security - Disable Authentication 
Simple Boot3 + Security - Custom Credentials

Implement Security Configuration to create custom username and password

In previous tutorial we implemented Spring Boot 3 + Security authentication simple example. Here we had seen the internal working of Spring Security.
We will be modifying this project. The maven project will be as follows-
Spring Boot Security Disable authentication
For this tutorial let us first understand some spring security classes.
  • User - In Spring Security this class stores the username and password for the spring boot application.
  • UserDetailsService - This is an interface with a single method loadUserByUsername. The InMemoryUserDetailsManager implements this interface. This class has an instance of the spring security User class object. Using the InMemoryUserDetailsManager.loadUserByUsername, we can retrieve the User instance. This retrieved User instance is used during authentication. So the credentials entered by the user are compared with those of the retrieved User instance. If these match then the user is logged in successfully.
  • UserDetailsServiceAutoConfiguration - When no custom credentials are provided by the user, UserDetailsServiceAutoConfiguration creates a custom Spring Security User class with default username user and generated password. This Spring Security User class is then provided to InMemoryUserDetailsManager. If the user creates its own UserDetailsService bean, then the UserDetailsServiceAutoConfiguration gets automatically disabled. In this case we pass the new created user to be used by the InMemoryUserDetailsManager.
  • DaoAuthenticationProvider - This is where the comparison between the credentials entered by the user and the spring boot credentials happen.
Start the spring boot application. As we had not created a custom UserDetailsService bean, spring security will make use of UserDetailsServiceAutoConfiguration to create a Spring Security User class with default username user and generated password.
Spring Boot Security Config
So to use custom credentials for the spring boot application, we need to define a bean of type UserDetailsService. In previous tutorial, using spring security configuration we disabled default spring security authentication. We will create a similar configuration class named SecurityConfig. In this configuration class we will be creating an instance of UserDetailsService of type InMemoryUserDetailsService. In this UserDetailsService we will be configuring a User with custom username and password 
package com.javainuse.boot3security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {

	@Bean
	SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		http.formLogin();
		http.authorizeHttpRequests().anyRequest().authenticated();
		return http.build();
	}
	
	@Bean
	UserDetailsService userDetailsService() {
		InMemoryUserDetailsManager userDetailsService = new InMemoryUserDetailsManager();
		UserDetails user = User.withUsername("javainuse").password("javainuse").authorities("read").build();
		userDetailsService.createUser(user);
		return userDetailsService;
	}

}
Start the Spring Boot Application. We can see that now in the console no default password is created by the spring security library.
Spring Boot Security Config
Go to localhost:8080/hello we will get spring security login page.
Spring Boot Security Hello World
Enter the credentials we specified in above configuration class i.e. username and password as javainuse. We get the exception as below- java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id "null"
Spring Boot Security No PasswordEncoder Exception
Spring Security 4, allowed the storage of passwords in plain text using in-memory authentication. However from Spring Security 5 it is necessary to specify a password encoder. In a previous tutorial Spring Boot Security - Password Encoding Using BCrypt we had seen what is the need for password encoding. Next we configure a bcrypt password encoder as follows- 
package com.javainuse.boot3security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {

	@Bean
	UserDetailsService userDetailsService() {
		InMemoryUserDetailsManager userDetailsService = new InMemoryUserDetailsManager();
		UserDetails user = User.withUsername("javainuse").password(passwordEncoder().encode("javainuse"))
				.authorities("read").build();
		userDetailsService.createUser(user);
		return userDetailsService;
	}

	@Bean
	BCryptPasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

	@Bean
	SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
		http.formLogin();
		http.authorizeHttpRequests().anyRequest().authenticated();
		return http.build();
	}

}
Start the application again. If we now login in again with the custom credentials we are able to log in.

Download Source Code

Download it -
Spring Boot 3 Security - Custom Credentials

Popular Posts

1Z0-830 Java SE 21 Developer Certification Prepare with Notes and Real Time Practice Tests 1Z0-819 Java SE 11 Developer Certification Prepare with Notes and Real Time Practice Tests 1Z0-829 Java SE 17 Developer Certification Prepare with Notes and Real Time Practice Tests AWS AI Practitioner Certification Prepare with Notes and Real Time Practice Tests AZ-204 Azure Developer Associate Certification Prepare with Notes and Real Time Practice Tests AZ-305 Azure Solutions Architect Expert Certification Prepare with Notes and Real Time Practice Tests AZ-400 Azure DevOps Engineer Expert Certification Prepare with Notes and Real Time Practice Tests DP-100 Azure Data Scientist Associate Certification Prepare with Notes and Real Time Practice Tests AZ-900 Azure Fundamentals Certification Prepare with Notes and Real Time Practice Tests PL-300 Power BI Data Analyst Certification Prepare with Notes and Real Time Practice Tests Spring Professional Certification Prepare with Notes and Real Time Practice Tests Azure AI Foundry Hello World What is Azure AI Foundry Azure AI Agent Hello World Set up and run your first agent Foundry vs Hub Projects When to choose Foundry or hub-based Build Agents with SDK Threads, messages, runs in Python Bing Web Search Agent Ground agents with real-time data Function Calling Agent Custom functions & tool integration Spring Boot + Azure Key Vault Hello World Example Fetch secrets from Azure Key Vault in Spring Boot Spring Boot + Elasticsearch + Azure Key Vault Example Secure Elasticsearch config using Azure Key Vault Spring Boot Azure AD (Entra ID) OAuth 2.0 Authentication Connect Spring Boot to Azure AD using OAuth2 Deploy Spring Boot App to Azure App Service Host Spring Boot application on Azure App Service Secure Azure App Service using Azure API Management Protect deployed Spring Boot app with API Management Deploy Spring Boot JAR to Azure App Service Deploy executable JAR directly to Azure Deploy Spring Boot + MySQL to Azure App Service Host Spring Boot with MySQL database on Azure Spring Boot + Azure Managed Identity Example Access Azure Key Vault using Managed Identity Secure Spring Boot Azure Web App with Managed Identity + App Registration Secure Spring Boot app via Azure Portal configuration Elasticsearch 8 Security - Integrate Azure AD OIDC Integrate Azure AD OIDC with Elasticsearch & Kibana